[krbdev.mit.edu #7632] krb5kdc won't start
The RT System itself via RT
rt-comment at krbdev.mit.edu
Wed May 8 14:33:18 EDT 2013
>From krb5-bugs-incoming-bounces at PCH.mit.edu Wed May 8 14:33:18 2013
Return-Path: <krb5-bugs-incoming-bounces at PCH.mit.edu>
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90])
by krbdev.mit.edu (Postfix) with ESMTP id 0DEFE58F16;
Wed, 8 May 2013 14:33:18 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id r48IXF2C017336;
Wed, 8 May 2013 14:33:15 -0400
Received: from mailhub-dmz-3.mit.edu (MAILHUB-DMZ-3.MIT.EDU [18.9.21.42])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id r48FM6SW023358
for <krb5-bugs-incoming at PCH.mit.edu>; Wed, 8 May 2013 11:22:06 -0400
Received: from dmz-mailsec-scanner-7.mit.edu (DMZ-MAILSEC-SCANNER-7.MIT.EDU
[18.7.68.36])
by mailhub-dmz-3.mit.edu (8.13.8/8.9.2) with ESMTP id r48FHeAe005477
for <krb5-bugs at mit.edu>; Wed, 8 May 2013 11:22:06 -0400
X-AuditID: 12074424-b7f8c6d0000028c4-0d-518a6d9dab31
Authentication-Results: symauth.service.identifier
Received: from mail-da0-f46.google.com (mail-da0-f46.google.com
[209.85.210.46])
by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP
id 82.79.10436.D9D6A815; Wed, 8 May 2013 11:22:05 -0400 (EDT)
Received: by mail-da0-f46.google.com with SMTP id e20so1036488dak.33
for <krb5-bugs at mit.edu>; Wed, 08 May 2013 08:22:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:x-received:date:message-id:subject:from:to
:content-type; bh=kn/KKRCKjK14i9RcmZZpB5KFQEO4Q3jsaTZZneGsY0Q=;
b=VKA6FKnzIqn9qykStqHDbcsdbk7EJu/gLOIV3JlyLNouYSuY1e8yPg7qARGzBOKdY4
305RZd8K8X96csRv2UoPhXzid7qW81/CFf1HFbZLHjKkJAtFbUzxc+qhWwZRUMfLmCgV
YJDTDDmBFX7XSYts+IcM88bDhjCwuTTpTyR1GxQwMEWhFXUyjK7/e7iAtJqDt3hwIvQa
vZO+81SL3rhOXvw4D+lQBAuxEV/+ocRfmibBym9ZGVDKLlHiMIIRRQbOQAH2B22JenTe
AroEdmH2bvPYy35egcE9HE4kxELGyM6fPSQ6Xn47Y0BaZ25ha6lS52V7Ecyec+7/Z7Tk
jHSg==
MIME-Version: 1.0
X-Received: by 10.68.88.194 with SMTP id bi2mr8013111pbb.12.1368026525097;
Wed, 08 May 2013 08:22:05 -0700 (PDT)
Received: by 10.66.150.163 with HTTP; Wed, 8 May 2013 08:22:04 -0700 (PDT)
Date: Wed, 8 May 2013 17:22:04 +0200
Message-ID: <CACDPosJF_s=kp7yWSVXYmrv+Us1h+K3ScNVYU+625E2uKZ7tgQ at mail.gmail.com>
Subject: Bind DN entry missing in stash file
From: Augustin Wolf <augustynwilk at gmail.com>
To: krb5-bugs at mit.edu
Content-Type: multipart/mixed; boundary=047d7b673c7a126dfd04dc367fa5
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrDKsWRWlGSWpSXmKPExsVyMfSSnu7c3K5Ag+dLjC0aHh5nd2D0aDpz
lDmAMYrLJiU1J7MstUjfLoEr48OtZSwFTVoVly91szYwvlHrYuTkkBAwkbhzfh4jiM0oYCSx
+9wrVoi4mMSFe+vZuhi5OIQEbjJKdC6fwgTh9DBK7OlYyQ5SxSLQwSqx6r4GiM0rIChxcuYT
li5GDqDuIonz94RAwkICXhKzVv1hgihXkTg59RA7RHmAxJ3Lp8GWCQvoSPxcdI0FxGYDsvcf
nQJWLyIgKvHy7zGwOLOAi0TP1bVsExj5ZyHZNgtJCsLWkXjX94AZwjaXOLh6IlSNicStgy+g
bEWJKd0P2WeB/Skj0fL/DiNE3ELide8P1llAHzALmEqs+VCOTfnmnWeYFjByr2KUTcmt0s1N
zMwpTk3WLU5OzMtLLdI118vNLNFLTSndxAiMHCF2F5UdjM2HlA4xCnAwKvHwZiR2BQqxJpYV
V+YeYpTkYFIS5W3NAgrxJeWnVGYkFmfEF5XmpBYfYlQB2vtow+oLjFIsefl5qUoivPdSgOp4
UxIrq1KL8mHKpDlYlMR5r6fc9BcSSE8sSc1OTS1ILYLJMnGwH2KU4eBQkuBdnwPULViUmp5a
kZaZU4KshhNEcB1ilODgAVqzBaSQt7ggMbc4Mx2i6BSjMcfVbU9eM3Ls2PziNaMQ2EVS4rx7
QEoFQEozSvPgRsIS5SVGWSlhXkYGBgYhHqCbgMGCKv+KURwYJMK8v0Cm8GTmlcDtewV0ChPQ
KQl87SCnlCQipKQaGFlKToYd0lz3/V3Jkmphrbefp1z7u9stfelaluUnVdzq23h3Gio7BF24
/HnGtEN5t1wXHs8W0fBRXrp5sS3nN2XhbCsFhpsXdUIOfIvq/iwlJN+px/Az6OensJfCmy81
1N0+FXjQ2WBRwbxdt448PjC5yC3+sXHPI5GJ4roMcjzLNxQ4rlc7nq7EUpyRaKjFXFScCAA+
tSF1jwMAAA==
X-Mailman-Approved-At: Wed, 08 May 2013 14:33:10 -0400
X-BeenThere: krb5-bugs-incoming at mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Sender: krb5-bugs-incoming-bounces at PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces at PCH.mit.edu
--047d7b673c7a126dfd04dc367fa5
Content-Type: text/plain; charset=ISO-8859-1
>Submitter-Id: vokankh.net
>Originator: root
>Organization:
Student
>Confidential: no
>Synopsis: krb5kdc won't start
>Severity: serious
>Priority: high
>Category: krb5kdc
>Class: support
>Release: 1.10.3
>Environment:
System: Linux virtual.vokankh.net 2.6.32-279.el6.x86_64 #1 SMP Fri Jun
22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64, on VirtualBox 4.1.18
>Description:
While trying to start krb5kdc I got error:Starting Kerberos 5
KDC: krb5kdc: cannot initialize realm VOKANKH.NET - see log file for
details,
In log file ther's single line:
"""krb5kdc: Error reading password from stash: Bind DN entry missing
in stash file - while initializing database for realm VOKANKH.NET"""
the realm was created with:
"""kdb5_ldap_util -D "cn=krbadmin,ou=Services,dc=vokankh,dc=net"
create -sscope SUB -r VOKANKH.NET -sf
/var/kerberos/krb5kdc/vokankh_stash.keyfile -s"""
The stashfile exists. After recreating stash file with:
"""kdb5_ldap_util -D "cn=admin,dc=vokankh,dc=net" stashsrvpw -f
/var/kerberos/krb5kdc/vokankh_stash.keyfile
"cn=krbadmin,ou=Services,dc=vokankh,dc=net" """
problem persists.
>How-To-Repeat:
on Centos 6.3 install:krb5-server krb5-libs krb5-auth-dialog
krb5-server-ldap krb5-devel
prepare "krb5.conf", as in attachment, prepare "kdc.conf" as in attchement
start krb5kdc with /etc/init.d/krb5kdc start
>Fix:
Please add to documentation possible bugs fix.
--047d7b673c7a126dfd04dc367fa5
Content-Type: application/octet-stream; name="kdc.conf"
Content-Disposition: attachment; filename="kdc.conf"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_hggnm0p30
W2tkY2RlZmF1bHRzXQoga2RjX3BvcnRzID0gODgKIGtkY190Y3BfcG9ydHMgPSA4OAoKW3JlYWxt
c10KIEVYQU1QTEUuQ09NID0gewogICNtYXN0ZXJfa2V5X3R5cGUgPSBhZXMyNTYtY3RzCiAgYWNs
X2ZpbGUgPSAvdmFyL2tlcmJlcm9zL2tyYjVrZGMva2FkbTUuYWNsCiAgZGljdF9maWxlID0gL3Vz
ci9zaGFyZS9kaWN0L3dvcmRzCiAgYWRtaW5fa2V5dGFiID0gL3Zhci9rZXJiZXJvcy9rcmI1a2Rj
L2thZG01LmtleXRhYgogIHN1cHBvcnRlZF9lbmN0eXBlcyA9IGFlczI1Ni1jdHM6bm9ybWFsIGFl
czEyOC1jdHM6bm9ybWFsIGRlczMtaG1hYy1zaGExOm5vcm1hbCBhcmNmb3VyLWhtYWM6bm9ybWFs
IGRlcy1obWFjLXNoYTE6bm9ybWFsIGRlcy1jYmMtbWQ1Om5vcm1hbCBkZXMtY2JjLWNyYzpub3Jt
YWwKIH0KClZPS0FOS0guTkVUID0gewogICNtYXN0ZXJfa2V5X3R5cGUgPSBhZXMyNTYtY3RzCiAg
bGRhcF9rZGNfZG4gPSBjbj1rZXJiZXJvcyxvdT1TZXJ2aWNlcyxkYz12b2thbmtoLGRjPW5ldAog
IGxkYXBfa2FkbWluZF9kbiA9IGNuPWtyYmFkbWluLG91PVNlcnZpY2VzLGRjPXZva2Fua2gsZGM9
bmV0CiAgYWNsX2ZpbGUgPSAvdmFyL2tlcmJlcm9zL2tyYjVrZGMvdm9rYW5raC5hY2wKICBkaWN0
X2ZpbGUgPSAvdXNyL3NoYXJlL2RpY3Qvd29yZHMKICBhZG1pbl9rZXl0YWIgPSAvdmFyL2tlcmJl
cm9zL2tyYjVrZGMvdm9rYW5raC5rZXl0YWIKICBzdXBwb3J0ZWRfZW5jdHlwZXMgPSBhZXMyNTYt
Y3RzOm5vcm1hbCBhZXMxMjgtY3RzOm5vcm1hbCBkZXMzLWhtYWMtc2hhMTpub3JtYWwgYXJjZm91
ci1obWFjOm5vcm1hbCBkZXMtaG1hYy1zaGExOm5vcm1hbCBkZXMtY2JjLW1kNTpub3JtYWwgZGVz
LWNiYy1jcmM6bm9ybWFsCn0K
--047d7b673c7a126dfd04dc367fa5
Content-Type: application/octet-stream; name="krb5.conf"
Content-Disposition: attachment; filename="krb5.conf"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_hggnm0q91
W2xvZ2dpbmddCiBkZWZhdWx0ID0gRklMRTovdmFyL2xvZy9rcmI1bGlicy5sb2cKIGtkYyA9IEZJ
TEU6L3Zhci9sb2cva3JiNWtkYy5sb2cKIGFkbWluX3NlcnZlciA9IEZJTEU6L3Zhci9sb2cva2Fk
bWluZC5sb2cKCltsaWJkZWZhdWx0c10KIGRlZmF1bHRfcmVhbG0gPSBWT0tBTktILk5FVAogZG5z
X2xvb2t1cF9yZWFsbSA9IGZhbHNlCiBkbnNfbG9va3VwX2tkYyA9IGZhbHNlCiB0aWNrZXRfbGlm
ZXRpbWUgPSAyNGgKIHJlbmV3X2xpZmV0aW1lID0gN2QKIGZvcndhcmRhYmxlID0gdHJ1ZQoKW3Jl
YWxtc10KICBFWEFNUExFLkNPTSA9IHsKICBrZGMgPSBrZXJiZXJvcy5leGFtcGxlLmNvbQogIGFk
bWluX3NlcnZlciA9IGtlcmJlcm9zLmV4YW1wbGUuY29tCiB9CgogVk9LQU5LSC5ORVQgPSB7CiAg
a2RjID0gdmlydHVhbC52b2thbmtoLm5ldAogIG1hc3Rlcl9rZGMgPSB2aXJ0dWFsLnZva2Fua2gu
bmV0CiAgYWRtaW5fc2VydmVyID0gdmlydHVhbC52b2thbmtoLm5ldAogIGRlZmF1bHRfZG9tYWlu
ID0gdm9rYW5raC5uZXQKICBkYXRhYmFzZV9tb2R1bGUgPSBsZGFwX3Zva2Fua2gKIH0KCltkb21h
aW5fcmVhbG1dCiAuZXhhbXBsZS5jb20gPSBFWEFNUExFLkNPTQogZXhhbXBsZS5jb20gPSBFWEFN
UExFLkNPTQogdm9rYW5raC5uZXQgPSBWT0tBTktILk5FVAogLnZva2Fua2gubmV0ID0gVk9LQU5L
SC5ORVQKIHZpcnR1YWwudm9rYW5raC5uZXQgPSBWT0tBTktILk5FVAogLnZpcnR1YWwudm9rYW5r
aC5uZXQgPSBWT0tBTktILk5FVAoKW2FwcGRlZmF1bHRzXQpwYW0gPSB7CiAgZGVidWcgPSB0cnVl
CiAgdGlja2V0X2xpZmV0aW1lID0gMzYwMDAKICByZW5ld19saWZldGltZSA9IDM2MDAwCiAgZm9y
d2FyZGFibGUgPSB0cnVlCiAga3JiNF9jb252ZXJ0ID0gZmFsc2UKfQoKW2RibW9kdWxlc10KIGxk
YXBfdm9rYW5raCA9IHsKICBkYl9saWJyYXJ5ID0ga2xkYXAKIyMgRE4gZm9yIHRoZSBnbG9iYWwg
S2VyYmVyb3MgY29udGFpbmVyIGVudHJ5IAogIGxkYXBfa2VyYmVyb3NfY29udGFpbmVyX2RuID0g
b3U9a2VyYmVyb3Msb3U9U2VydmljZXMsZGM9dm9rYW5raCxkYz1uZXQKICBsZGFwX2tkY19kbiA9
IGNuPWtyYmFkbWluLG91PVNlcnZpY2VzLGRjPXZva2Fua2gsZGM9bmV0IAkjIyB0aGlzIG9iamVj
dCBuZWVkcyB0byBoYXZlIFJFQUQgcmlnaHRzIG9uIHRoZSByZWFsbSBjb250YWluZXIsIHByaW5j
aXBhbCBjb250YWluZXIgYW5kIHJlYWxtIHN1Yi10cmVlcwogIGxkYXBfa2FkbWluZF9kbiA9ICJj
bj1rcmJhZG1pbixvdT1TZXJ2aWNlcyxkYz12b2thbmtoLGRjPW5ldCIgIyMgdGhpcyBvYmplY3Qg
bmVlZHMgdG8gaGF2ZSBSRUFEIGFuZCBXUklURSByaWdodHMgb24gdGhlIHJlYWxtIGNvbnRhaW5l
ciwgcHJpbmNpcGFsIGNvbnRhaW5lciBhbmQgcmVhbG0gc3ViLXRyZWVzCiAgbGRhcF9zZXJ2aWNl
X3Bhc3N3b3JkX2ZpbGUgPSAvdmFyL2tlcmJlcm9zL2tyYjVrZGMvdm9rYW5raF9zdGFzaC5rZXlm
aWxlCiAgbGRhcF9zZXJ2ZXJzID0gbGRhcDovL3ZpcnR1YWwudm9rYW5raC5uZXQKICBsZGFwX2Nv
bm5zX3Blcl9zZXJ2ZXIgPSA1Cn0K
--047d7b673c7a126dfd04dc367fa5--
More information about the krb5-bugs
mailing list